A honeypot in Web3 is a smart-contract scam where the contract appears to function normally, users can buy the token, sometimes even see paper profits, but selling is impossible because the contract has hidden logic that blocks transfers from non-deployer addresses.
Common patterns:
- A modifier that only allows transfers if the sender is whitelisted.
- A tax of 99% on sells but 0% on buys.
- A dynamic blacklist that the deployer adds buyers to.
- Logic that detects router calls and reverts on sells specifically.
Honeypots are routinely deployed on every chain that has a popular DEX and free contract creation. Detection tools (TokenSniffer, Honeypot.is, GoPlus) can flag the obvious cases, but novel honeypots get past automated checks. Do not buy tokens from anonymous deployers without a contract review, the listing on a DEX is not a signal of safety.